CVE-2024-12471: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is
highvulnerability
security
Summary
A WordPress plugin called 'The Post Saint' (used to generate AI text and images) has a security flaw in versions up to 1.3.1 where it fails to check user permissions and validate file types when uploading files. This allows attackers with basic user accounts to upload malicious files that could let them execute arbitrary code (RCE, running unauthorized commands) on the website.
Vulnerability Details
CVSS Score
8.8(high)
EPSS (30-day exploit probability)
EPSS: 64.4%
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
OpenAIStability AI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-12471
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 75%